tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (David M. Karr)
Subject Simple test of BASIC authentication seems to bypass login dialog
Date Mon, 11 Jun 2001 04:48:19 GMT
I'm working through examples in "Professional JSP - 2nd Edition".  Almost
everything I've tried, using Tomcat4b5, worked on the first try.

I'm now looking at the authentication examples.  There is a simple example of
an application that uses BASIC authentication.  It has a "web.xml" that
specifies the "security-constraint" with a "web-resource-collection", and a
"login-config" that specifies an "auth-method of "BASIC".  There is also a
simple "index.jsp" that prints out the current "AuthMethod".  The example also
shows a sample "tomcat-users.xml" to authenticate against.

When I try to access the "index.jsp" from a browser (NS4.7 & IE5), it never
displays a login dialog, and the output from "index.jsp" says the "AuthMethod"
is "null".  I looked at the log files, and I see that it prints out my
"web-resource-name" correctly, so I know it's reading my "web.xml" file, and
getting at least one data item out of it.

I looked through the tomcat-users archive, and I didn't notice anything like

I'd appreciate it if someone could lead me in the right direction to understand
why this is happening.

An excerpt from the application log file is:
2001-06-10 12:31:23 StandardContext[/ch16b]: Starting completed
2001-06-10 12:31:32 Authenticator[/ch16b]: Security checking request GET /ch16b/index.jsp
2001-06-10 12:31:32 Authenticator[/ch16b]:  Subject to constraint SecurityConstraint[Entire
2001-06-10 12:31:32 Authenticator[/ch16b]:  Calling checkUserData()
2001-06-10 12:31:32 Authenticator[/ch16b]:  Successfully passed all security constraints
2001-06-10 12:31:32 StandardContext[/ch16b]: Mapping contextPath='/ch16b' with requestURI='/ch16b/index.jsp'
and relativeURI='/index.jsp'
2001-06-10 12:31:32 StandardContext[/ch16b]: Decoded relativeURI='/index.jsp'
2001-06-10 12:31:32 StandardContext[/ch16b]:  Mapped to servlet 'jsp' with servlet path '/index.jsp'
and path info 'null' and update=true

"index.jsp" follows:
  <title>Protected Area Page</title>
   out.println("<h2>Authentication Mechanism " + request.getAuthType() + "</h2>");

<?xml version="1.0" ?>
<!DOCTYPE web-app
   PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   <web-resource-name>Entire Application</web-resource-name>
  <realm-name>ProJSP Authentication Example</realm-name>

David M. Karr          ; Best Consulting   ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)

View raw message